{"id":"CVE-2024-36903","summary":"ipv6: Fix potential uninit-value access in __ip6_make_skb()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix potential uninit-value access in __ip6_make_skb()\n\nAs it was done in commit fc1092f51567 (\"ipv4: Fix uninit-value access in\n__ip_make_skb()\") for IPv4, check FLOWI_FLAG_KNOWN_NH on fl6-\u003eflowi6_flags\ninstead of testing HDRINCL on the socket to avoid a race condition which\ncauses uninit-value access.","modified":"2026-04-16T04:36:11.120691756Z","published":"2024-05-30T15:29:04.866Z","related":["ALSA-2024:5363","SUSE-SU-2024:2571-1","SUSE-SU-2024:2896-1","SUSE-SU-2024:2973-1","SUSE-SU-2025:20008-1","SUSE-SU-2025:20028-1","SUSE-SU-2026:0473-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36903.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/2367bf254f3a27ecc6e229afd7a8b0a1395f7be3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/40e5444a3ac315b60e94d82226b73cd82145d09e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4e13d3a9c25b7080f8a619f961e943fe08c2672c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/59d74c843ebf46264c7903726cf6f2673a93b07a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/68c8ba16ab712eb709c6bab80ff151079d11d97a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a05c1ede50e9656f0752e523c7b54f3a3489e9a8"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36903.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36903"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"605b056d63302ae84eb136e88d4df49124bd5e0d"},{"fixed":"59d74c843ebf46264c7903726cf6f2673a93b07a"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d65ff2fe877c471aa6e79efa7bd8ff66e147c317"},{"fixed":"40e5444a3ac315b60e94d82226b73cd82145d09e"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2c9cefc142c1dc2759e19a92d3b2b3715e985beb"},{"fixed":"a05c1ede50e9656f0752e523c7b54f3a3489e9a8"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ea30388baebcce37fd594d425a65037ca35e59e8"},{"fixed":"68c8ba16ab712eb709c6bab80ff151079d11d97a"},{"fixed":"2367bf254f3a27ecc6e229afd7a8b0a1395f7be3"},{"fixed":"4e13d3a9c25b7080f8a619f961e943fe08c2672c"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"165370522cc48127da564a08584a7391e6341908"},{"last_affected":"f394f690a30a5ec0413c62777a058eaf3d6e10d5"},{"last_affected":"0cf600ca1bdf1d52df977516ee6cee0cadb1f6b1"},{"last_affected":"02ed5700f40445af02d1c97db25ffc2d04971d9f"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36903.json"}}],"schema_version":"1.7.5"}